DESCRIPTION:
Sammy Forgit has discovered a vulnerability in the Dione FileUploader
module for Joomla!, which can be exploited by malicious people to
compromise a vulnerable system.
The vulnerability is caused by the
modules/mod_dionefileuploader/upload.php script, which allows files
with arbitrary extensions to be uploaded to a folder inside the webroot.
This can be exploited to execute arbitrary PHP code by uploading a
malicious PHP script.
The vulnerability is confirmed in version 1.0.1. Other versions may
also be affected.
SOLUTION:
Restrict access to the modules/mod_dionefileuploader/upload.php
script (e.g. via .htaccess).
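One way to apply this restriction on Apache, shown as an added example
that is not part of the original advisory. The address 192.0.2.10 is a
constructed placeholder for a trusted administrator host, and the server
is assumed to honour these directives through AllowOverride.

```apache
# File: modules/mod_dionefileuploader/.htaccess
# The server configuration must permit these directives here:
# AllowOverride AuthConfig for "Require", AllowOverride Limit for
# "Order/Deny/Allow".

<Files "upload.php">
    # Apache 2.4 and later (mod_authz_core present)
    <IfModule mod_authz_core.c>
        # Placeholder address; use "Require all denied" to block everyone.
        Require ip 192.0.2.10
    </IfModule>

    # Apache 2.2 (no mod_authz_core)
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        # Placeholder address; remove this line to block everyone.
        Allow from 192.0.2.10
    </IfModule>
</Files>

# Effect: requests for upload.php from any other client get 403, so the
# module's upload feature stops working for ordinary site visitors.
```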
PROVIDED AND/OR DISCOVERED BY:
Sammy Forgit, OpenSysCom.
ORIGINAL ADVISORY:
OpenSysCom:
http://www.opensyscom.fr/Actualites/joomla-modules-dione-fileuploader-arbitrary-file-upload-vulnerability.html